Cyber Security News — Past 24 hours | 08.06.2021

TikTok Quietly Updated Its Privacy Policy to Collect Users’ Biometric Data

Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform.

The policy change, first spotted by TechCrunch, went into effect on June 2. On top of this, the company’s privacy policy also notes that it may collect information about «the nature of the audio, and the text of the words spoken in your User Content» so as to «enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations».

The revisions to its privacy policy come months after TikTok agreed to pay $92 million to settle a class-action lawsuit alleging that the app violated Illinois’ Biometric Information Privacy Act by clandestinely capturing biometric and personal data from users in the U.S. to target ads without meeting the informed consent requirements of the state law.

Source —

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Code-hosting platform GitHub Friday officially announced a series of updates to the site’s policies that delve into how the company deals with malware and exploit code uploaded to its service.

«We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,» the Microsoft-owned company said. To that end, users must refrain from uploading, posting, hosting, or transmitting any content that could be used to deliver malicious executables or abuse GitHub as an attack infrastructure, say, by organizing denial-of-service attacks or managing command-and-control servers.

«Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring,» GitHub said.

The changes come into effect after the company, in late April, began soliciting feedback on its policy around security research, malware, and exploits on the platform with the goal of operating under a clearer set of terms that would remove the ambiguity surrounding «actively harmful content» and «at-rest code» in support of security research.

Source —

Google Chrome 91 Will Alert Users About Untrusted Browser Extensions

A new feature in Chrome 91 will alert users about extensions from untrusted developers whenever they try to install them. In this way, the browser aims to protect users from potential cyber threats. Currently, roughly 75% of extensions in the Chrome browser meet the criteria to be considered trusted. For the rest, it will take developers a few months of continued compliance with the policies to become trusted.

Another New Feature In Google Chrome 91

Alongside warning users about untrusted add-ons, Google has rolled out another safety update with the latest browser version. This feature aims to ensure that users download only safe files. Whenever users attempt to download a file, Chrome will run a preliminary safety check for potential risks or known threats. If you choose to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis classifiers in real time.

This will help users avoid accidentally downloading malicious files. Users can still choose to bypass the warning and continue downloading the file if they want to. The file will be removed from Google Safe Browsing a while after scanning.

Source —

Microsoft Teams To Introduce End-to-End Encryption To Calls

Microsoft Teams, available with Microsoft Office 365, serves as a workspace management and communication platform supporting messaging, voice calls, and video conferencing. While the service has been around since 2017, it gained popularity as the world became dependent on online communication platforms in the wake of the COVID-19 pandemic. Despite all its usefulness, the platform lacked a major security feature: end-to-end encryption. Thus, it wasn’t ideal to adopt this service as the go-to communication tool for personal or sensitive communications.

Nonetheless, as evident from the Microsoft 365 roadmap, the firm will roll out end-to-end encryption to Teams in July 2021. By default, end-to-end encryption will be disabled. After an admin enables this feature, end users will get the relevant settings in the Teams client on their device. At present, this feature won’t offer advanced protection such as “call escalation, transfer, record, merge”.

Source —

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT


